Hackers Heavily Targeted Social Networking Websites in 2009

According to a WHID (Web Hacking Incidents Database) report, cyber criminals heavily targeted social-networking websites during 2009.

Figures compiled for this report indicate that hackers used Facebook and Twitter as their primary targets. About 19% of incidents during January-June 2009 targeted social networks.

The report highlights that many attacks against social-networking websites were based on XSS (cross-site scripting) bugs. Moreover, inadequate controls for blocking automated attacks allow hackers to steal login credentials. In one incident, an attacker compromised a Twitter admin account, which included a password-reset tool, and hijacked 33 accounts of high-profile personalities like President Barack Obama.

During 2009, website defacement continued to be the top motivator for Web-based attacks (28%). The report explains that defacement includes both covert and visible alterations. An example of a covert alteration is malware installation. Hackers exploit flaws in Web applications to install malicious software, which then infects visitors to the websites. These compromised websites become the criminals' key channel for disseminating Trojans, rootkits and viruses.

While these attack methods prevail, SQL injection continues to be the most abused security flaw. With this attack, hackers insert malicious JavaScript and change database contents. On the whole, the assault appears more or less similar to an XSS attack, because its ultimate objective is to execute malicious JavaScript inside the victim's browser to steal login credentials used for accessing other Web programs.

Apart from these attack methods, another mainstream hacking technique during 2009 was CSRF (cross-site request forgery). The increase in hackers' exploitation of CSRF flaws matches 'abuse of authentication' because CSRF provides a substitute technique for executing activities in the victim's name. Attackers leveraged CSRF attack methods to launch virus-based assaults, which quickly spread throughout Twitter and other social-networking websites.

Finally, the report authors state that it isn't enough just to know about these threats (SQL injection, social-networking sites, XSS, and CSRF attacks). Web surfers should understand how to safeguard applications' integrity if they encounter these problems.


» SPAMfighter News - 3/4/2010
